DUO Implementation for pfSense Based OpenVPN Server with RADIUS (AD) Integration - Step by Step
In case someone needs step-by-step instructions for implementing DUO for OpenVPN with RADIUS. This is for a Microsoft AD environment. Change it as needed if you have a different authentication environment.
a. OpenVPN Server
b. RADIUS Authentication
- Windows Network Policy Server (NPS)
- DUO Authentication Proxy (most likely a VM)
1. Configure the OpenVPN Server with the RADIUS authentication method and use the RADIUS Authentication Server you configured. Details are in the link below.
2. Test the new OpenVPN Server with an AD user to make sure it is fully functional.
3. Log in to the DUO site and configure an application protection profile. Select OpenVPN as the app to protect.
4. Install the DUO Authentication Proxy on a separate VM (you don't have to, but make sure it does not conflict with anything else wherever you decide to install it). Link is below.
5. Edit the following file with the parameters below:
C:\Program Files (x86)\Duo Security Authentication Proxy\conf\authproxy.cfg
Make sure everything else is removed or disabled in this file.
6. Start (or restart, if already started) the "DuoAuthProxy" service in Windows Services on the DUO Authentication Proxy VM.
7. Go to the Windows NPS server configuration page and add the DUO Authentication Proxy under the RADIUS Clients section, using the IP address of the DUO Authentication Proxy VM.
8. Test the whole setup from a client computer with OpenVPN client.
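
A check for the authproxy.cfg edit described above, as an added example that is not from the original post. The section and key names are Duo Authentication Proxy settings; the addresses, the `<...>` values, the choice of `failmode=secure` and the helper name `audit_authproxy` are assumptions, as is the topology in which pfSense sends RADIUS to the proxy and the proxy forwards primary authentication to NPS.

```python
import configparser
# Constructed sample: every address and <...> value is a placeholder.
SAMPLE_CFG = """
[radius_client]
; primary authentication is passed to the Windows NPS server
host=192.0.2.10
secret=<secret-shared-with-nps>

[radius_server_auto]
; ikey/skey/api_host come from the OpenVPN application in the Duo Admin Panel
ikey=<integration-key>
skey=<secret-key>
api_host=<api-hostname>
; pfSense is the RADIUS client of the proxy
radius_ip_1=192.0.2.1
radius_secret_1=<secret-shared-with-pfsense>
client=radius_client
failmode=secure
"""

REQUIRED = {"radius_client": {"host", "secret"},
            "radius_server_auto": {"ikey", "skey", "api_host", "radius_ip_1",
                                   "radius_secret_1", "client"}}

def audit_authproxy(text):
    """Return a list of findings for the text of an authproxy.cfg."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    # "Everything else removed or disabled": no other active sections.
    for extra in sorted(set(cfg.sections()) - set(REQUIRED)):
        findings.append(f"unexpected active section [{extra}]")
    for section, keys in REQUIRED.items():
        if not cfg.has_section(section):
            findings.append(f"missing section [{section}]")
            continue
        for key in sorted(keys - set(cfg[section])):
            findings.append(f"[{section}] missing {key}")
    if cfg.has_section("radius_server_auto"):
        auto = cfg["radius_server_auto"]
        if auto.get("client", "radius_client") != "radius_client":
            findings.append("client is not radius_client: primary auth does not go to NPS")
        # Duo's default failmode is safe (fail open when Duo is unreachable).
        if auto.get("failmode", "safe") != "secure":
            findings.append("failmode is not secure: logins pass without 2FA if Duo is unreachable")
    return findings

if __name__ == "__main__":
    print(audit_authproxy(SAMPLE_CFG) or "no findings")
```

To check a real file, pass its contents to `audit_authproxy` before restarting the service; a leftover template section such as `[ad_client]` is reported as an unexpected active section.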